Технические ссылки для Cisco Cisco Transport Manager 9.2
9
Cisco Transport Manager Release 9.2 Basic External Authentication
OL-21046-01
Installing RADIUS Authentication Tools
CTM provides an installation script that installs the following files:
•
Pam_radius_auth.so—A shared library file that is provided by FreeRADIUS. It is a PAM service
module that encapsulates all of the RADIUS client code installed in the usr/lib/security directory.
The pam_radius_auth.so file is considered a third-party component.
module that encapsulates all of the RADIUS client code installed in the usr/lib/security directory.
The pam_radius_auth.so file is considered a third-party component.
•
Pam_radius_auth.conf—A configuration file installed in the /opt/CiscoTransportManagerServer/cfg
directory. Configuration information includes the IP address of the RADIUS server, the
authentication port, the shared secret, the request timeout, and the number of retries.
directory. Configuration information includes the IP address of the RADIUS server, the
authentication port, the shared secret, the request timeout, and the number of retries.
Note
The shared secret should be a strong password that contains at least 16 characters.
The installation script also changes the /etc/pam.conf file to configure the PAM library to use the
pam_radius_auth.so service module for authentication.
pam_radius_auth.so service module for authentication.
Installing RADIUS Authentication Tools
Step 1
Mount the CTM Server Disk 1 installation CD.
Step 2
Enter the following command:
cd /cdrom/ExtAuth/bin
Step 3
Launch the ./pam_radius_auth_install interactive script to install and configure the RADIUS client for
CTM.
CTM.
Note
This step also copies the RADIUS files locally to /opt/ExtAuth, so that you can proceed without
using a CD.
using a CD.
Step 4
Follow the interactive script to install and add the RADIUS server configuration. The interactive script
allows you to:
allows you to:
•
Install the PAM service module and RADIUS configurations.
•
Add configuration information for other RADIUS servers at any time.
•
Delete or modify configuration information.
•
Change the order of the RADIUS servers, because the position of a RADIUS server determines the
order that CTM’s RADIUS client follows when requesting authentication when more than one
RADIUS server is present.
order that CTM’s RADIUS client follows when requesting authentication when more than one
RADIUS server is present.
•
Uninstall the PAM service module and RADIUS configurations.
RADIUS System Flow
Users must be configured on both the CTM local authentication database and the remote access server.
Usernames must be the same, but passwords can differ.
Usernames must be the same, but passwords can differ.